Possibly Infected - "Windows Cannot Find <RandNameHere.EXE>"


  • This topic is locked
8 replies to this topic

#1 Killa78


Posted 04 April 2013 - 08:51 PM

I had installed TuneUp to get my computer running better. It worked for the trial period, but once I uninstalled it, it seems to have hurt me. There are a select few programs I run that cause my PC to spit out the error "Windows Cannot Find <FilePath/EXENAMEHERE.exe>".

Some of those include Steam.exe, AlienAutopsy (pcdlauncer.exe), and more, but they're rarely used.

When I click on the shortcut or the EXE (directly from the directory itself), it states it cannot be found, even though it is right there where it's saying it cannot be found. Changing the EXE name allows it to run (but that doesn't fix the error that it's broken when trying to do it normally). The problem exists that Steam.exe will not run if it is named anything other than Steam.exe.

 

Here is the DDS.txt log

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.17.2

Run by Killa at 21:39:12 on 2013-04-04

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2308 [GMT -4:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Users\Killa\AppData\Local\Apps\2.0\G3AWA4V3.2A2\JYLE2BRJ.6EA\curs..tion_9e9e83ddf3ed3ead_0005.0001_35ab96b1121a112c\CurseClient.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\AlienAutopsy\pcdrcui.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\AlienAutopsy\pcdrrealtime.p5x

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}

uDefault_Page_URL = hxxp://AlienwareArena.com

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-RFQKJ.exe" /REG /REGSVRMODE

StartupFolder: C:\Users\Killa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{2A8033AA-E23C-433B-9221-3C211CFCCF72} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\44F6E6470255375602D456022427F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\45865605275637964656E6479616C653 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\47162696478616D6561646F67737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\C696E6B6379737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\E4544574541425 : DHCPNameServer = 192.168.88.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\E45445745414251363 : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: iastorui.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: imfrmwrk.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: kscviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"

x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: iastorui.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: imfrmwrk.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: kscviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

.

Note: multiple IFEO entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Killa\AppData\Roaming\Mozilla\Firefox\Profiles\ubz5znh5.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Killa\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-8 30648]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-19 55856]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-4-19 21616]

R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-1-8 284600]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 398184]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2013-2-20 3680512]

R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-12-4 86968]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2013-2-20 175936]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-4-19 27760]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-19 176096]

R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-19 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-19 76912]

R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-8 44928]

R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-4-19 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-4-19 181760]

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]

R3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0;PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\AlienAutopsy\pcdsrvc_x64.pkms [2012-8-17 25584]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-19 337512]

R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-12-11 88864]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-4-19 344616]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-4-19 39464]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-4-3 38456]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-19 158976]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2013-3-18 81880]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-27 1255736]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-10 98208]

S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]

S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-25 8704]

S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-19 13336]

S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-4-19 1695040]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-20 2673064]

.

=============== Created Last 30 ================

.

2013-04-05 01:33:08    710504    ----a-w-    C:\Windows\is-RFQKJ.exe

2013-04-04 22:23:35    --------    d-----w-    C:\Users\Killa\AppData\Roaming\Curse Advertising

2013-04-03 17:33:47    38456    ----a-w-    C:\Windows\System32\drivers\gfiark.sys

2013-04-03 17:32:19    --------    d-----w-    C:\ProgramData\GFI Software

2013-04-03 17:32:02    47936    ----a-w-    C:\Windows\System32\sbbd.exe

2013-04-03 17:31:15    --------    d-----w-    C:\Program Files (x86)\GFI Software

2013-04-03 17:31:08    --------    d-----w-    C:\Users\Killa\AppData\Roaming\GFI Software

2013-04-03 17:23:46    --------    d-----w-    C:\Program Files (x86)\Steam

2013-04-03 17:07:10    --------    d-----w-    C:\Program Files\CCleaner

2013-04-03 17:00:41    1644    ----a-w-    C:\file.reg

2013-04-02 08:37:35    9311288    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00A1BECC-92C2-498C-B6BC-D19179AB8A83}\mpengine.dll

2013-03-27 13:49:12    --------    d-----w-    C:\Program Files (x86)\RIFT

2013-03-19 04:52:48    5017816    ----a-w-    C:\Windows\SysWow64\GameMon.des

2013-03-19 04:50:02    4682    ----a-w-    C:\Windows\SysWow64\npptNT2.sys

2013-03-19 04:50:01    5174    ----a-w-    C:\Windows\SysWow64\nppt9x.vxd

2013-03-19 04:49:57    --------    d-----w-    C:\Program Files\Common Files\INCA Shared

2013-03-19 04:39:05    --------    d-----w-    C:\Program Files (x86)\CABAL Online (NA - Global)

2013-03-19 02:36:53    --------    d-----w-    C:\Game

2013-03-17 18:33:42    --------    d-----w-    C:\Windows\CleanMem

2013-03-17 18:33:42    --------    d-----w-    C:\Program Files (x86)\CleanMem

2013-03-17 00:29:12    --------    d-----w-    C:\Users\Killa\AppData\Roaming\EpicBot

2013-03-16 00:32:53    --------    d-----w-    C:\Users\Killa\jagexcache

2013-03-15 20:15:15    --------    d-----w-    C:\Program Files (x86)\EpicBot

2013-03-11 23:00:55    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-07 20:28:47    --------    d-----w-    C:\Program Files (x86)\SplitMediaLabs

2013-03-07 20:19:31    --------    d-----w-    C:\Users\Killa\AppData\Roaming\foobar2000

2013-03-07 20:19:25    --------    d-----w-    C:\Program Files (x86)\foobar2000

2013-03-06 09:53:28    --------    d-----w-    C:\Users\Killa\AppData\Roaming\raidcall

2013-03-06 09:53:23    --------    d-----w-    C:\Program Files (x86)\RaidCall

.

==================== Find3M  ====================

.

2013-03-11 23:00:52    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll

2013-03-11 23:00:52    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll

2013-02-21 01:30:50    47936    ----a-w-    C:\Windows\SysWow64\sbbd.exe

2013-02-13 13:43:26    963488    ----a-w-    C:\Windows\System32\deployJava1.dll

2013-02-13 13:43:26    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll

2013-02-13 13:43:26    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-09 00:52:31    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-09 00:52:31    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 05:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll

2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 21:39:44.19 ===============

 

Attach.exe is attached to this post.

 

Also, I installed HijackThis to produce a HijackThis log for you in case you need it.

As well, I do have TortoiseSVN and TeamViewer installed on purpose.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:49:20 PM, on 4/4/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal



Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-RFQKJ.exe" /REG /REGSVRMODE

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CurseClientStartup.ccip

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VIPRE Antivirus (SBAMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)



--

End of file - 9388 bytes

 

If anything else is requested, please ask and I will comply, no problem :)



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 AM

Posted 06 April 2013 - 07:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your best option now is to restore your computer to a date prior to using the TuneUp program.
http://windows.microsoft.com/en-IN/windows7/What-are-the-system-recovery-options-in-Windows-7

===

Then run the DDS tool again and post the log.
Before you save the log make sure that the Word Wrap is removed in Notepad (look in the Format menu).

This will remove all the blank lines you presently have in your log.

Let me know what problem persists.

#3 Killa78

Killa78
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:36 AM

Posted 06 April 2013 - 03:33 PM

Unfortunately, Tune-Up removed all "restore points" prior to it being installed, so there's literally no more restore points before it was installed.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 AM

Posted 07 April 2013 - 07:36 AM

One more reason not to use your Tune-up tool.

 

Can you post a fresh DDS log as requested.

Make sure you remove the blank lines.



#5 Killa78

Killa78
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:36 AM

Posted 07 April 2013 - 02:04 PM

One more reason not to use your Tune-up tool.
 
Can you post a fresh DDS log as requested.
Make sure you remove the blank lines.

 
As I said in the original post,
 

I had installed TuneUp to get my computer running better, it worked for the trial period but once i uninstalled it it seems to have hurt me.

 
 
Here is your new DDS log. I have uninstalled the TuneUp tool, and it's been uninstalled for a month or so... I don't use it; I used it for 14 days or whatever the trial was, and then uninstalled.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.17.2

Run by Killa at 14:57:01 on 2013-04-07

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2605 [GMT -4:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\igfxtray.exe

C:\Windows\system32\hkcmd.exe

C:\Program Files (x86)\AlienRespawn\components\scheduler\stservice.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Killa\AppData\Local\Apps\2.0\G3AWA4V3.2A2\JYLE2BRJ.6EA\curs..tion_9e9e83ddf3ed3ead_0005.0001_dcfaec929722f6ac\CurseClient.exe

C:\Users\Killa\Desktop\putty.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe

C:\Program Files\AlienAutopsy\imstrayicon.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}

uDefault_Page_URL = hxxp://AlienwareArena.com

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe                                                                                                                                                                                                              

uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe                                                                                                                                                                                                    

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin                                                                                                                                                                     

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-RFQKJ.exe" /REG /REGSVRMODE

StartupFolder: C:\Users\Killa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{2A8033AA-E23C-433B-9221-3C211CFCCF72} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\44F6E6470255375602D456022427F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\45865605275637964656E6479616C653 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\47162696478616D6561646F67737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\C696E6B6379737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\E4544574541425 : DHCPNameServer = 192.168.88.1

TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\E45445745414251363 : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: iastorui.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: imfrmwrk.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: kscviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray                                                                                                                                                                                

x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"

x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                     

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: iastorui.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: imfrmwrk.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: kscviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

.

Note: multiple IFEO entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Killa\AppData\Roaming\Mozilla\Firefox\Profiles\ubz5znh5.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Killa\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-8 30648]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-19 55856]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-4-19 21616]

R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-1-8 284600]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 398184]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2013-2-20 3680512]

R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-12-4 86968]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2013-2-20 175936]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-4-19 27760]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-19 176096]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-19 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-19 76912]

R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-8 44928]

R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-4-19 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-4-19 181760]

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-19 337512]

R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-12-11 88864]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-4-19 344616]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-4-19 39464]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-4-3 38456]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-19 158976]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2013-3-18 81880]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-27 1255736]

S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-10 98208]

S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]

S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-25 8704]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-19 13336]

S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-4-19 1695040]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-20 2673064]

.

=============== Created Last 30 ================

.

2013-04-06 00:55:39    --------    d-----w-    C:\Users\Killa\AppData\Roaming\.minecraft

2013-04-05 01:46:37    388096    ----a-r-    C:\Users\Killa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-05 01:46:37    --------    d-----w-    C:\Program Files (x86)\Trend Micro

2013-04-05 01:33:08    710504    ----a-w-    C:\Windows\is-RFQKJ.exe

2013-04-04 22:23:35    --------    d-----w-    C:\Users\Killa\AppData\Roaming\Curse Advertising

2013-04-03 17:33:47    38456    ----a-w-    C:\Windows\System32\drivers\gfiark.sys

2013-04-03 17:32:19    --------    d-----w-    C:\ProgramData\GFI Software

2013-04-03 17:32:02    47936    ----a-w-    C:\Windows\System32\sbbd.exe

2013-04-03 17:31:15    --------    d-----w-    C:\Program Files (x86)\GFI Software

2013-04-03 17:31:08    --------    d-----w-    C:\Users\Killa\AppData\Roaming\GFI Software

2013-04-03 17:23:46    --------    d-----w-    C:\Program Files (x86)\Steam

2013-04-03 17:07:10    --------    d-----w-    C:\Program Files\CCleaner

2013-04-03 17:00:41    1644    ----a-w-    C:\file.reg

2013-04-02 08:37:35    9311288    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00A1BECC-92C2-498C-B6BC-D19179AB8A83}\mpengine.dll

2013-03-27 13:49:12    --------    d-----w-    C:\Program Files (x86)\RIFT

2013-03-19 04:52:48    5017816    ----a-w-    C:\Windows\SysWow64\GameMon.des

2013-03-19 04:50:02    4682    ----a-w-    C:\Windows\SysWow64\npptNT2.sys

2013-03-19 04:50:01    5174    ----a-w-    C:\Windows\SysWow64\nppt9x.vxd

2013-03-19 04:49:57    --------    d-----w-    C:\Program Files\Common Files\INCA Shared

2013-03-19 04:39:05    --------    d-----w-    C:\Program Files (x86)\CABAL Online (NA - Global)

2013-03-19 02:36:53    --------    d-----w-    C:\Game

2013-03-17 18:33:42    --------    d-----w-    C:\Windows\CleanMem

2013-03-17 18:33:42    --------    d-----w-    C:\Program Files (x86)\CleanMem

2013-03-17 00:29:12    --------    d-----w-    C:\Users\Killa\AppData\Roaming\EpicBot

2013-03-16 00:32:53    --------    d-----w-    C:\Users\Killa\jagexcache

2013-03-15 20:15:15    --------    d-----w-    C:\Program Files (x86)\EpicBot

2013-03-11 23:00:55    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

==================== Find3M  ====================

.

2013-03-11 23:00:52    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll

2013-03-11 23:00:52    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll

2013-02-21 01:30:50    47936    ----a-w-    C:\Windows\SysWow64\sbbd.exe

2013-02-13 13:43:26    963488    ----a-w-    C:\Windows\System32\deployJava1.dll

2013-02-13 13:43:26    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll

2013-02-13 13:43:26    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-09 00:52:31    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-09 00:52:31    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 05:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll

2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 14:57:12.42 ===============
 
And Attach is attached, along with DDS saved in a non-word-wrapped file.



Edited by nasdaq, 08 April 2013 - 06:53 AM.


#6 Killa78

Killa78
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:36 AM

Posted 07 April 2013 - 02:08 PM

One more reason not to use your Tune-up tool.

 

Can you post a fresh DDS log as requested.

Make sure you remove the blank lines.

 

 

Actually just realized the blank lines you may be talking about are from using the BBC markup for code {Code}, with ['s instead of { of course.

 

Here's one without {Code}

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.17.2
Run by Killa at 14:57:01 on 2013-04-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2605 [GMT -4:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files (x86)\AlienRespawn\components\scheduler\stservice.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Killa\AppData\Local\Apps\2.0\G3AWA4V3.2A2\JYLE2BRJ.6EA\curs..tion_9e9e83ddf3ed3ead_0005.0001_dcfaec929722f6ac\CurseClient.exe
C:\Users\Killa\Desktop\putty.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Program Files\AlienAutopsy\imstrayicon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}
uDefault_Page_URL = hxxp://AlienwareArena.com
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EACD241C-8E97-11E2-8CA0-D4BED928AF32}
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe                                                                                                                                                                                                              
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe                                                                                                                                                                                                    
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin                                                                                                                                                                     
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-RFQKJ.exe" /REG /REGSVRMODE
StartupFolder: C:\Users\Killa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2A8033AA-E23C-433B-9221-3C211CFCCF72} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\44F6E6470255375602D456022427F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\45865605275637964656E6479616C653 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\47162696478616D6561646F67737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\E4544574541425 : DHCPNameServer = 192.168.88.1
TCP: Interfaces\{2A848821-F6ED-4352-8BC7-21E1A4B7E7DE}\E45445745414251363 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: iastorui.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: imfrmwrk.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: kscviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray                                                                                                                                                                                
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"                                                                                                                                                                                     
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: iastorui.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: imfrmwrk.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: kscviewer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Killa\AppData\Roaming\Mozilla\Firefox\Profiles\ubz5znh5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Killa\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-8 30648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-19 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-4-19 21616]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-1-8 284600]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 398184]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2013-2-20 3680512]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-12-4 86968]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2013-2-20 175936]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-4-19 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-19 176096]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-19 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-19 76912]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-8 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-4-19 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-4-19 181760]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-19 337512]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-12-11 88864]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-4-19 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-4-19 39464]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-4-3 38456]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-19 158976]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2013-3-18 81880]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-27 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-10 98208]
S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-25 8704]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-19 13336]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-4-19 1695040]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-20 2673064]
.
=============== Created Last 30 ================
.
2013-04-06 00:55:39    --------    d-----w-    C:\Users\Killa\AppData\Roaming\.minecraft
2013-04-05 01:46:37    388096    ----a-r-    C:\Users\Killa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-05 01:46:37    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-04-05 01:33:08    710504    ----a-w-    C:\Windows\is-RFQKJ.exe
2013-04-04 22:23:35    --------    d-----w-    C:\Users\Killa\AppData\Roaming\Curse Advertising
2013-04-03 17:33:47    38456    ----a-w-    C:\Windows\System32\drivers\gfiark.sys
2013-04-03 17:32:19    --------    d-----w-    C:\ProgramData\GFI Software
2013-04-03 17:32:02    47936    ----a-w-    C:\Windows\System32\sbbd.exe
2013-04-03 17:31:15    --------    d-----w-    C:\Program Files (x86)\GFI Software
2013-04-03 17:31:08    --------    d-----w-    C:\Users\Killa\AppData\Roaming\GFI Software
2013-04-03 17:23:46    --------    d-----w-    C:\Program Files (x86)\Steam
2013-04-03 17:07:10    --------    d-----w-    C:\Program Files\CCleaner
2013-04-03 17:00:41    1644    ----a-w-    C:\file.reg
2013-04-02 08:37:35    9311288    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00A1BECC-92C2-498C-B6BC-D19179AB8A83}\mpengine.dll
2013-03-27 13:49:12    --------    d-----w-    C:\Program Files (x86)\RIFT
2013-03-19 04:52:48    5017816    ----a-w-    C:\Windows\SysWow64\GameMon.des
2013-03-19 04:50:02    4682    ----a-w-    C:\Windows\SysWow64\npptNT2.sys
2013-03-19 04:50:01    5174    ----a-w-    C:\Windows\SysWow64\nppt9x.vxd
2013-03-19 04:49:57    --------    d-----w-    C:\Program Files\Common Files\INCA Shared
2013-03-19 04:39:05    --------    d-----w-    C:\Program Files (x86)\CABAL Online (NA - Global)
2013-03-19 02:36:53    --------    d-----w-    C:\Game
2013-03-17 18:33:42    --------    d-----w-    C:\Windows\CleanMem
2013-03-17 18:33:42    --------    d-----w-    C:\Program Files (x86)\CleanMem
2013-03-17 00:29:12    --------    d-----w-    C:\Users\Killa\AppData\Roaming\EpicBot
2013-03-16 00:32:53    --------    d-----w-    C:\Users\Killa\jagexcache
2013-03-15 20:15:15    --------    d-----w-    C:\Program Files (x86)\EpicBot
2013-03-11 23:00:55    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-03-11 23:00:52    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-11 23:00:52    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-21 01:30:50    47936    ----a-w-    C:\Windows\SysWow64\sbbd.exe
2013-02-13 13:43:26    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-02-13 13:43:26    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-02-13 13:43:26    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-09 00:52:31    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 00:52:31    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 05:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:57:12.42 ===============
 

 

As you can see, no double spaces etc.; it has nothing to do with word wrap but the {Code} markup on BleepingComputer. Avid forum user here, and I tend to mark up things to make posts look more professional.


Edited by Killa78, 07 April 2013 - 02:12 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 AM

Posted 08 April 2013 - 07:05 AM

Actually just realized the blank lines you may be talking about are from using the BBC markup for code {Code} with ['s instead of { of course.

I removed the code box from your first post. The blank lines are still present.
I will test this and report to the administrator. This BB to HTML version of the forum is giving me some problems; I have to revise all my canned speeches.
Thanks for the information.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#8 nasdaq


Posted 14 April 2013 - 09:29 AM

Are you still with me?

#9 nasdaq


Posted 20 April 2013 - 01:09 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



